Additional Security Measures for *nix
Many posts here go into great detail about which services to lock down on *nix servers and which versions of security toolz to run such as tripwire and such. One area that seems to get neglected is SUID files, GUID files and world-writable files.
Whenever I am asked to prepare a *nix server, I *always* issue these commands to check and see which files are SUID, GUID and world-writable.
* For SUID:
==============================
find / -type f -perm -4000 -ls
** For GUID
==============================
find / -type f -perm -2000 -ls
For World-Writable
==============================
find / -perm -2 -type f -print
You may ask, well, what is the significance of this? It's simple. If I'm looking to compromise your server and I have exhausted all the typical easy avenues, I will eventually begin looking for world writable filez in order to gain root access. In addition, I will certainly look for SUID files that programs use on your machine. Pay close attention to the /dev partition too as it is *very* dangerous to have devices that are world-writable.
Once you lock down file permissions, services and have applied the proper security patches, you should have a solid *nix system. At this point I usually hammer against the box to be sure that I haven't missed anything. Only after this point, will I install the necessary software and then hammer on it one more time before approving it for internet exposure.
Anyway, just wanted to share a little *nix tip with the AO community.
* Fat finger typo pointed out by Itch
** Fat finger typo pointed out by Itch
--TH13
Re: Additional Security Measures for *nix
Quote:
Originally posted here by thehorse13
Whenever I am asked to prepare a *nix server, I *always* issue these commands to check and see which files are SUID, GUID and world-writable.
* For SUID:
==============================
find / -type f -perm -4000 -ls
** For GUID
==============================
find / -type f -perm -2000 -ls
Hi guys,
You wanna try my trick, you just type "one command" and you will have both SUID and GUID instead of typing "# find / -type f -perm -4000 -ls and # find / -type f -perm -2000 -ls"
Code:
sweet# find / -type f -perm +6000 -ls
I hope you like my trick
Cheersss
annya
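Added example, not part of either post: POSIX shell functions that run the thread's SUID, GUID (setgid) and world-writable checks plus the world-writable device check raised for /dev, and go one step further by comparing the result against a saved baseline so only new findings are reported. The function names `scan_perms` and `new_findings` and the baseline file format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the baseline
# format are assumptions. Paths containing newlines are not handled.

TAB=$(printf '\t')

# scan_perms ROOT: print sorted "TAG<TAB>path" lines for one filesystem.
# -xdev keeps find on ROOT's filesystem, so run it again for /dev.
scan_perms() {
    root=$1
    {
        # SUID and SGID regular files (same tests as the commands above)
        find "$root" -xdev -type f -perm -4000 -print 2>/dev/null | sed "s/^/SUID$TAB/"
        find "$root" -xdev -type f -perm -2000 -print 2>/dev/null | sed "s/^/SGID$TAB/"
        # World-writable regular files
        find "$root" -xdev -type f -perm -2 -print 2>/dev/null | sed "s/^/WWFILE$TAB/"
        # World-writable block/character devices; entries such as /dev/null
        # are expected here and belong in the baseline
        find "$root" -xdev \( -type b -o -type c \) -perm -2 -print 2>/dev/null |
            sed "s/^/WWDEV$TAB/"
    } | LC_ALL=C sort
}

# new_findings BASELINE ROOT: print entries found now that are absent from
# BASELINE (a file previously written by scan_perms).
new_findings() {
    baseline=$1
    root=$2
    current=$(mktemp) || return 1
    scan_perms "$root" > "$current"
    LC_ALL=C comm -13 "$baseline" "$current"
    rm -f "$current"
}
```

Save `scan_perms /` (and `scan_perms /dev`) to a root-owned file once the server is prepared, then run `new_findings` against that file on later checks.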